netfilter

Paul Rusty Russell Paul.Russell@rustcorp.com.au
Sat, 18 Sep 1999 12:59:05 +0930


In message <99091500430600.00871@acheron> you write:
> Hi,
> 
> I'm playing around with netfilter 0.1.7 with  kernel 2.3.15; I'm considering
> writing a GTK wrapper and more for netfilter (it will start as a wrapper and
> eventually be extended to a real firewall program that will do more complex
> logging and alerting and such).  I've had problems compiling the netfilter code
> since I don't have "net/ethernet.h" (I'm a slackware fan and am so I only have
> glibc runtime support not header files) -- is this a glibc 2.0 or a 2.1 thing.
> What is your code supposed to be compiled against?

glibc, but 0.1.8 should be libc5-compliant.  It's not that different
really.

> Also, do you have any suggestions, warnings, as to what direction your code
> might take, and pitfalls I might want to watch out for so I don't have to keep
> re-writing my code.  I'm thinking of compiling your code right into mine, and
> having the firewall handle simple rules in the kernel (to keep things fast),
> and to send packets flagged for complex logging or content-based checking to a
> userspace device.

This may change: I want to change to netlink for the
userspace<->kernel communication.  But it won't be too severe.

One thing I've wanted to do is write a little connection watching
daemon: it gets consulted for new connections coming in from the
outside (eg. through a ppp line).  By default the daemon rejects all
incoming connections.  User modules (eg. a gtk module) connect in to
the daemon, and the daemon asks the module (with careful limiting to
avoid floods) whether it should be accepted.  Responses would include
YES, NO, NEVER (for some time), ANY TO SAME PORT (for some time), ANY
FROM SAME HOST (for some time), etc.

It'd be cute, and very useful.
Rusty.
--
Hacking time.
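As an added example (not code from the mail above or from netfilter itself), here is a Python sketch of the decision cache such a connection-watching daemon could keep: default reject, the five responses named above with their time limits, and a query budget so a burst of new connections cannot flood the user module. Class and callback names, the response constants and the timings are all assumptions.

```python
import time
from collections import deque

# Module responses, as listed in the mail (constant names are assumed here)
YES, NO, NEVER, ANY_TO_SAME_PORT, ANY_FROM_SAME_HOST = range(5)


class ConnWatcher:
    """Consulted once per new inbound connection; anything unknown is rejected."""

    def __init__(self, ask_module, max_queries=5, window=1.0, clock=time.monotonic):
        self.ask_module = ask_module  # callback: (host, port) -> (response, ttl_seconds)
        self.max_queries, self.window, self.clock = max_queries, window, clock
        self.queries = deque()        # timestamps of recent module queries (flood limit)
        self.blocked = {}             # (host, port) -> expiry   (NEVER, for some time)
        self.open_ports = {}          # port -> expiry           (ANY TO SAME PORT)
        self.trusted_hosts = {}       # host -> expiry           (ANY FROM SAME HOST)

    def _live(self, table, key):
        """True if a timed entry exists and has not expired; expired entries are dropped."""
        exp = table.get(key)
        if exp is None:
            return False
        if exp <= self.clock():
            del table[key]
            return False
        return True

    def decide(self, host, port):
        now = self.clock()
        if self._live(self.blocked, (host, port)):
            return False
        if self._live(self.open_ports, port) or self._live(self.trusted_hosts, host):
            return True
        # Flood limiting: forget old queries, then refuse to consult the module over budget.
        while self.queries and self.queries[0] <= now - self.window:
            self.queries.popleft()
        if len(self.queries) >= self.max_queries:
            return False              # default policy applies: reject
        self.queries.append(now)
        response, ttl = self.ask_module(host, port)
        if response == YES:
            return True
        if response == NEVER:
            self.blocked[(host, port)] = now + ttl
            return False
        if response == ANY_TO_SAME_PORT:
            self.open_ports[port] = now + ttl
            return True
        if response == ANY_FROM_SAME_HOST:
            self.trusted_hosts[host] = now + ttl
            return True
        return False                  # NO, or anything unrecognised: reject
```

For a stand-alone run, drive `ConnWatcher` with a fake clock and a scripted `ask_module` that returns `(NEVER, 60.0)` for one host and `(NO, 0)` otherwise, and check that the second attempt from the blocked host never reaches the module.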